Support Forum
madunix
New Contributor

Zeus

How to block Zeus?

gschmitt
Valued Contributor

AV:

Go to Security Profiles > AntiVirus and change the radio button below ☑ Detect Connections to Botnet C&C Servers from Monitor to Block, then hit Apply.

 

Application Control:

Go to Security Profiles > Application Control, click the Botnet category and select Block, then hit Apply.

 

Make sure that the Security Profile is active on your internal to wan policy. Either one should work.

ede_pfau
Esteemed Contributor III

> Either one should work.

Actually, the two work on different aspects of botnets.

 

The botnet C&C IP address blacklist is distributed and updated via the AV engine. This is a simple but effective address filter with next to no impact on CPU.

The AppCtrl signature checks for botnet activity which is not necessarily traffic to the C&C servers.

As such, CPU or CP load is a bit higher.

 

Both methods should be used at any installation as they complement each other.

 


Ede

"Kernel panic: Aiee, killing interrupt handler!"
madunix

Done ...